First some back-story:
I'm an in-house developer tasked with replacing a paper and pencil-based job ticketing system with an electronic version. Development is not my main job, so it's something I've been working on for a few months in my "spare time" - HA! Anyway, that means that I've shuffled the file back and forth on a thumb drive or drop-box for a while, so I could tweak things from home as random thoughts occurred to me.
We are about ready to go live, and have FMP Server 12 on a Mac mini.
Our IT is handled by a consultant who is on site 1 or 2 times a month and, IMO is over-zealous with security controls. Everything is locked down giving minimal access - just barely enough to do our jobs. He handles our back-ups and we are way too dependent on him, if you ask me… but that's another rant.
Anyway, since I'm the only one who knows anything about FMP, I want to be able to get in and fix things if something goes wrong and I'm not here. I've requested that ports 5003, 16000 and 16001 be forwarded to our FMP Server Mac mini, so that I can get access. All of our databases and server admin utilize security and nothing auto-logins. We aren't doing any web stuff, so I don't think we need port 80 or any of the others forwarded.
I think at some point, there would be a potential for the sales team (and the owner) to utilize off-site access as well.
I'm getting push-back from our IT guy, who is telling the boss that opening any ports on our router, opens us up to "security risks" and therefore, he doesn't want to do it. I'm sure that opening up a port is less secure than not, but how much of a risk are we actually talking about? I'm hoping that some of you can provide some back-up for the benefit vs risk of doing this, since it is such a common practice.
Have the consultant set up VPN access. Your VPN connection puts you inside the firewall. Then you don't have to worry about port forwarding at all.